Overview

URL: 26472.xc.wenpie.com/xiaz/heu@34_146163.exe
IP: 114.55.188.114
ASN:
Location: China
Report completed: 2019-02-22 07:21:22 CET
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
  Added / Verified   Severity   Host                                         Comment
  2019-02-22         2          26472.xc.wenpie.com/xiaz/heu@34_146163.exe   Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 114.55.188.114

Date                        UQ / IDS / BL   URL                                                  IP
2019-03-24 19:02:44 +0100   0 - 0 - 1       url.nszmz.com/down/2@48_16306.exe                    114.55.188.114
2019-03-24 18:42:15 +0100   0 - 2 - 1       14614.xc.41gw.com/xiaz/@626_3803.exe                 114.55.188.114
2019-03-24 18:42:02 +0100   0 - 0 - 1       xc.05cg.com/xiaz/5@1616_55117.exe                    114.55.188.114
2019-03-24 18:41:40 +0100   0 - 0 - 1       14614.xc.41gw.com/xiaz/chrome%E6%9E%81%E9%80% (...)  114.55.188.114
2019-03-24 18:41:21 +0100   0 - 4 - 1       14614.xc.41gw.com/xiaz/itunes@29285_3295.exe         114.55.188.114
2019-03-24 18:40:38 +0100   0 - 0 - 1       14614.xc.41gw.com/xiaz/%E8%85%BE%E8%AE%AFQQ@2 (...)  114.55.188.114
2019-03-24 18:29:05 +0100   0 - 0 - 1       1234.xc.41gw.com/xiaz/wp.s%20office%E5%AE%98% (...)  114.55.188.114
2019-03-24 18:28:31 +0100   0 - 0 - 1       url.tudown.com/down/vpshellres.dll@156_82115.exe     114.55.188.114
2019-03-24 18:22:24 +0100   0 - 4 - 1       url.222bz.com/down/Visual%20C%20%20%E6%95%B0% (...)  114.55.188.114
2019-03-24 18:16:15 +0100   0 - 0 - 1       11273.url.9xiazaiqi.com/down/thematica%204.1% (...)  114.55.188.114

Last 10 reports on ASN:

Date                        UQ / IDS / BL   URL                                                  IP
2019-03-24 19:37:35 +0100   0 - 0 - 0       https://curia.serveo.net                             159.89.214.31
2019-03-24 19:36:47 +0100   0 - 0 - 1       ufphr.top/                                           118.89.233.154
2019-03-24 19:36:35 +0100   0 - 2 - 0       d3re3v83p38gli.cloudfront.net/$j56bucreya2f/s (...)  143.204.51.88
2019-03-24 19:32:59 +0100   0 - 1 - 1       www.freeemulator.com/emulator-files/nintendo- (...)  162.241.252.206
2019-03-24 19:32:45 +0100   0 - 0 - 1       ekloy4taah.xxxnn.cn/dlak/zhongzhi/50204-102-1.apk    47.111.69.237
2019-03-24 19:32:46 +0100   0 - 2 - 2       bettermannow.com/wp-content/counter/exe3.exe         34.198.16.179
2019-03-24 19:31:46 +0100   0 - 0 - 1       prpops.com/p/sb7n/direct?prc_c=1553443164            131.153.42.228
2019-03-24 19:30:11 +0100   0 - 0 - 1       prpops.com/p/sb7n/direct?prc_c=1553443164            131.153.42.226
2019-03-24 19:29:27 +0100   0 - 1 - 0       www.autoshutdownpro.com/downloads/autosetup.exe      103.68.164.190
2019-03-24 19:27:30 +0100   0 - 0 - 1       login.mlcrosoftonline.com.eu-secured.com/            52.31.179.242

No other reports on domain: wenpie.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request:
GET /xiaz/heu@34_146163.exe HTTP/1.1
Host: 26472.xc.wenpie.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 101.201.62.45):
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Fri, 22 Feb 2019 06:20:51 GMT
Content-Length: 1343536
Connection: keep-alive
Content-Disposition: attachment; filename*="utf8''heu@34_146163.exe"


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   1343536
Md5:    12c4cf0e304d80b1e477abb794ae7784
Sha1:   9b89ae0158a590f89cfa710e84205c1ded1b87f7
Sha256: d5def93088f48ddc91cb47114b89453c793c87d0b411a91ded6aec7b822a3fb1

Alerts:
  Blacklists:
    - fortinet: Malware